Secure-by-default templates
varunsh-coder opened this issue · 1 comment
varunsh-coder commented
In addition to fixing GitHub Actions workflows and Dockerfiles, we should also plan to show secure-by-default templates for common scenarios.
- GitHub Actions for publishing scenarios that use OIDC, minimum token permissions, etc.
- Dockerfiles for common scenarios with security best practices implemented
- OpenSSF SLSA Generator, recently released npm provenance generator
We can expand to secure-by-default templates for other as-code files (Terraform, CloudFormation, etc.) in the future.
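As an added illustration of the first bullet (not a template from this issue or project), this workflow publishes an npm package with the GITHUB_TOKEN scoped to read-only by default and the OIDC token granted only to the job that publishes. The package layout and the NPM_TOKEN secret name are assumptions.

```yaml
# Added example of a secure-by-default npm publishing workflow; not a
# template from this project. Assumes an npm package at the repository
# root and a registry token stored in the repository secret NPM_TOKEN.
name: Publish to npm

on:
  release:
    types: [published]

# Default for every job: the GITHUB_TOKEN can only read repository contents.
permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    # Grant the OIDC token only to the job that needs it; any other job
    # inherits the read-only default above.
    permissions:
      contents: read
      id-token: write   # needed for npm to obtain a signed provenance statement
    steps:
      # In a real template, pin third-party actions to a full commit SHA;
      # version tags are used here to keep the example readable.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config

      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://registry.npmjs.org'

      - run: npm ci
      - run: npm test

      # --provenance makes npm use the job's OIDC token to attach a
      # SLSA provenance attestation to the published package.
      - run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```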
varunsh-coder commented
We could also auto-generate reusable workflows based on an organization's current workflows.